If you discover a security vulnerability in CI-Lib, Tank & Dozer, or any associated component, please report it privately.
Do not open a public issue. Instead, email the maintainer or open a draft security advisory on GitHub.
We will acknowledge receipt within 48 hours and provide a timeline for a fix. Security issues are prioritised above all other work.
ci_lib/— Core library codebackend/— FastAPI REST APIfrontend/— Streamlit dashboardtankdozer/— CLI tool
- Third-party dependencies (report to their respective maintainers)
- Theoretical attacks requiring physical access
- Vulnerabilities in unmaintained versions
We follow coordinated disclosure: a fix will be released before public announcement.